upstash-workflow
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation and implementation guidelines for Upstash Workflow, a service for managing long-running tasks. The patterns described (Dry-Run, Fan-Out, and Single Task Execution) follow standard software engineering practices for scalability and reliability.
- [SAFE]: No hardcoded credentials or sensitive data exposures were found. The skill correctly references environment variables such as
QSTASH_TOKENandAPP_URLas placeholders for configuration, which is a standard security practice. - [SAFE]: The skill does not contain any obfuscated code, remote execution patterns, or attempts to escalate privileges. All code snippets are plain TypeScript meant for educational or implementation purposes.
- [SAFE]: Network operations are restricted to the intended business logic of the skill, which involves triggering webhooks through the Upstash/QStash infrastructure. Upstash is a well-known service provider, and the integration is documented neutrally.
- [SAFE]: The skill includes robust error handling and payload validation patterns in its examples, which contributes to the overall security posture of the implementations it guides.
Audit Metadata